Mac users have gotten complacent about security because macOS malware is rare. A new piece of malware called Infinity Stealer targets that complacency by tricking users into clicking fake error messages that prompt them to run malicious commands. It's social engineering, not a technical vulnerability. And it's working.
The attack doesn't exploit a vulnerability in macOS. It exploits trust. And technical safeguards can't protect against users who think they're fixing a problem.
Infinity Stealer uses what security researchers call "ClickFix" lures. Users encounter what appears to be a legitimate error message, often on a website or in an email. The message says something needs to be fixed and provides helpful instructions to resolve it.
The instructions tell users to open Terminal and paste a command. The command is provided in a copy-paste-ready format. It looks technical but benign. Users who follow the instructions are actually executing malware that steals their data.
What makes this effective is the psychology. Mac users don't expect malware. When they see an error message with a technical fix, many assume it's legitimate troubleshooting. The Terminal command adds an air of authority, like you're doing something only an advanced user would do.
On top of that, macOS security features like Gatekeeper and code signing are designed to prevent malicious apps from running. They're not designed to prevent users from intentionally executing malicious commands. If you paste a command into Terminal yourself, you've given explicit permission. No security tool can save you from that.
Infinity Stealer targets the usual data: passwords, browser cookies, cryptocurrency wallets, files, and system information. Once installed, it can exfiltrate data silently in the background while appearing to have "fixed" whatever problem the error message claimed existed.
The technology is straightforward. The question is why Mac users trust error messages asking them to run Terminal commands.
This attack works because Mac malware is rare enough that users don't have their guard up. On Windows, users have been trained for decades not to click suspicious things or run unknown executables. Mac users haven't had the same training because they haven't needed it.





